snd_bt_sco crash at startup

Bug #202249 reported by Alvaro Leal (Effenberg0x0)
Affects: linux-ubuntu-modules-2.6.24 (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Colin Ian King

Bug Description

uname -a: Linux effenberg-mobile 2.6.24-12-generic #1 SMP Wed Mar 12 23:01:54 UTC 2008 i686 GNU/Linux
effenberg@effenberg-mobile:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"
effenberg@effenberg-mobile:~$

snd_bt_sco has been crashing at every startup for me for the last two weeks. I could not track at which of Hardy's updates this started happening. The bug survived the recent kernel updates. Here's what I see with dmesg:

[ 40.239738] snd-bt-sco revision 1.19 $
[ 40.239817] snd-bt-sco: snd-bt-scod thread starting
[ 40.263611] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000002
[ 40.263702] printing eip: dcb97745 *pde = 00000000
[ 40.263821] Oops: 0000 [#1] SMP
[ 40.263937] Modules linked in: snd_bt_sco snd_hwdep parport_pc lp parport tun pcmcia joydev wlan_scan_sta ath_rate_sample evdev snd_via82xx gameport snd_via82xx_modem snd_ac97_codec snd_mpu401_uart ac97_bus snd_pcm_oss snd_pcm psmouse pcspkr serio_raw snd_mixer_oss video output snd_seq_dummy snd_seq_midi snd_rawmidi snd_seq_oss snd_seq_midi_event snd_seq snd_timer snd_seq_device snd snd_page_alloc soundcore i2c_viapro i2c_core battery ac button yenta_socket ath_pci wlan rsrc_nonstatic pcmcia_core ath_hal(P) shpchp pci_hotplug via_agp agpgart iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack iptable_mangle iptable_filter ip_tables x_tables ext3 jbd mbcache sg sd_mod sr_mod cdrom via82cxxx ide_core usbhid hid pata_acpi via_rhine ehci_hcd sata_via uhci_hcd pata_via ata_generic mii usbcore libata scsi_mod thermal processor fan fuse vesafb fbcon tileblit font bitblit softcursor
[ 40.267358]
[ 40.267402] Pid: 6277, comm: modprobe Tainted: P (2.6.24-12-generic #1)
[ 40.267455] EIP: 0060:[<dcb97745>] EFLAGS: 00010246 CPU: 0
[ 40.267519] EIP is at snd_pcm_timer_init+0x25/0x170 [snd_pcm]
[ 40.267565] EAX: 00000002 EBX: d994be00 ECX: dab63dfc EDX: 00000000
[ 40.267612] ESI: d9a96180 EDI: d994b634 EBP: 00000018 ESP: dab63de4
[ 40.267659] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 40.267705] Process modprobe (pid: 6277, ti=dab62000 task=d9982b40 task.ti=dab62000)
[ 40.267753] Stack: 00000000 00000001 da5fe800 00000000 da5fe800 00000000 00000003 00000000
[ 40.268125] d994be00 00000018 dcb0320c 00000000 d9a96180 d994b600 dcb8f67f dcba092c
[ 40.268496] d994b600 dab63e38 d994bc00 00000001 dcb985f4 436d6370 63304432 ffffff00
[ 40.268867] Call Trace:
[ 40.268958] [<dcb0320c>] snd_add_device_sysfs_file+0x3c/0x70 [snd]
[ 40.269058] [<dcb8f67f>] snd_pcm_dev_register+0xef/0x200 [snd_pcm]
[ 40.269155] [<dcb07e4d>] snd_device_register_all+0x2d/0x60 [snd]
[ 40.269249] [<dcb03a1e>] snd_card_register+0x1e/0x320 [snd]
[ 40.269342] [<dc8a02d7>] alsa_card_bt_sco_init+0x277/0x2be [snd_bt_sco]
[ 40.269432] [<c01516c6>] sys_init_module+0x126/0x19c0
[ 40.269539] [<c0138540>] sigprocmask+0x0/0x110
[ 40.269629] [<c01053c2>] sysenter_past_esp+0x6b/0xa9
[ 40.269720] =======================
[ 40.269764] Code: 5b c3 8d 74 26 00 56 89 c6 53 83 ec 30 8b 56 30 c7 44 24 1c 00 00 00 00 8d 4c 24 18 c7 44 24 18 03 00 00 00 8b 18 83 e2 01 8b 03 <8b> 00 89 44 24 20 8b 43 0c 89 44 24 24 8b 46 0c 01 c0 09 c2 8d
[ 40.272126] EIP: [<dcb97745>] snd_pcm_timer_init+0x25/0x170 [snd_pcm] SS:ESP 0068:dab63de4
[ 40.272262] ---[ end trace fb14b0fe53367498 ]---

The weird thing in my opinion is that it somehow gets loaded:

effenberg@effenberg-mobile:~$ ps ax | grep snd
 6304 ? S 0:00 [snd-bt-scod]
11943 pts/0 R+ 0:00 grep snd
effenberg@effenberg-mobile:~$ lsmod | grep snd_bt_sco
snd_bt_sco 17738 1
snd_hwdep 10500 1 snd_bt_sco
snd_pcm 78596 5 snd_bt_sco,snd_via82xx,snd_via82xx_modem,snd_ac97_codec,snd_pcm_oss
snd 56996 23 snd_rtctimer,snd_bt_sco,snd_hwdep,snd_via82xx,snd_via82xx_modem,snd_ac97_codec,snd_mpu401_uart,snd_pcm_oss,snd_pcm,snd_mixer_oss,snd_seq_dummy,snd_rawmidi,snd_seq_oss,snd_seq,snd_timer,snd_seq_device
snd_page_alloc 11400 4 snd_bt_sco,snd_via82xx,snd_via82xx_modem,snd_pcm
effenberg@effenberg-mobile:~$

However I can't rmmod it.
effenberg@effenberg-mobile:~$ sudo rmmod -f snd_bt_sco
ERROR: Removing 'snd_bt_sco': Device or resource busy

As you can see in this other bug report of mine (https://bugs.launchpad.net/ubuntu/+bug/195829) removing it was the only way I could launch Skype, otherwise it would crash. Now rmmod is impossible.

I really don't know what other info I could provide in order to help you debug this. Please tell me what you need.

Regards,
Effenberg

turox (tuxturox) wrote :

Can confirm this.

Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
status: New → Triaged
Ludovico Cavedon (cavedon) wrote :

Same problem here, when I
   modprobe snd-bt-sco
------------------------------
snd-bt-sco revision 1.19 $
snd-bt-sco: snd-bt-scod thread starting
Unable to handle kernel NULL pointer dereference at 0000000000000001 RIP:
 [snd_pcm:snd_pcm_timer_init+0x2f/0x1a0] :snd_pcm:snd_pcm_timer_init+0x2f/0x1a0
PGD 520b7067 PUD 521e2067 PMD 0
Oops: 0000 [1] SMP
CPU 0
Modules linked in: snd_bt_sco af_packet snd_rtctimer i915 drm binfmt_misc rfcomm l2cap vboxdrv ppdev tun sit tunnel4 ipv6 acpi_cpufreq cpufreq_powersave cpufreq_stats cpufreq_userspace cpufreq_ondemand cpufreq_conservative freq_table container sbs sbshc dock iptable_filter ip_tables x_tables ext2 mbcache aes_x86_64 dm_crypt dm_mod sbp2 parport_pc lp parport arc4 ecb blkcipher joydev uvcvideo usbhid compat_ioctl32 snd_hda_intel videodev v4l1_compat hci_usb hid snd_pcm_oss snd_mixer_oss v4l2_common bluetooth snd_pcm snd_page_alloc snd_hwdep iwl3945 iwlwifi_mac80211 sky2 cfg80211 sr_mod cdrom snd_seq_dummy snd_seq_oss ac sdhci snd_seq_midi battery mmc_core snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd button video output psmouse serio_raw iTCO_wdt iTCO_vendor_support wmi_acer intel_agp shpchp pci_hotplug soundcore evdev pcspkr reiserfs ata_piix sg sd_mod ata_generic ohci1394 ieee1394 ahci pata_acpi libata scsi_mod ehci_hcd uhci_hcd usbcore thermal
bcon tileblit font bitblit softcursor fuse
Pid: 7543, comm: modprobe Not tainted 2.6.24-12-generic #1
RIP: 0010:[snd_pcm:snd_pcm_timer_init+0x2f/0x1a0] [snd_pcm:snd_pcm_timer_init+0x2f/0x1a0] :snd_pcm:snd_pcm_timer_init+0x2f/0x1a0
RSP: 0018:ffff8100522cfd08 EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffff8100622ed400 RCX: ffff8100522cfd20
RDX: 0000000000000000 RSI: ffffffff882d0648 RDI: ffff81005214dc00
RBP: ffff8100622ed200 R08: 0000000000000000 R09: ffff81007c652108
R10: 0000000000000000 R11: ffffffff803b6600 R12: 0000000000000018
R13: ffff8100622ed258 R14: 0000000000000001 R15: ffffffff882cfe48
FS: 00007f33698f86e0(0000) GS:ffffffff805b1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000001 CR3: 000000005228e000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process modprobe (pid: 7543, threadinfo ffff8100522ce000, task ffff810059ff4f80)
Stack: 0000000000000003 0000000000000000 ffff8100622ed200 0000000000000018
 ffff8100622ed400 ffffffff882c57dd ffff81005214d800 ffffffff882ba903
 63304431436d6370 ffffffff881ce200 0000304431437768 ffff810059eb0440
Call Trace:
 [snd_pcm:snd_pcm_dev_register+0xfd/0x220] :snd_pcm:snd_pcm_dev_register+0xfd/0x220
 [snd_hwdep:snd_hwdep_dev_register+0xf3/0x1c0] :snd_hwdep:snd_hwdep_dev_register+0xf3/0x1c0
 [snd:snd_ctl_add+0x120/0x1e0] :snd:snd_ctl_add+0x120/0x1e0
 [snd:snd_device_register_all+0x2f/0x60] :snd:snd_device_register_all+0x2f/0x60
 [snd_hda_intel:snd_card_register+0x3b/0x390] :snd:snd_card_register+0x3b/0x390
 [parport_pc:init_module+0x283/0x390] :snd_bt_sco:alsa_card_bt_sco_init+0x2e3/0x334
 [sys_init_module+0x18e/0x1a90] sys_init_module+0x18e/0x1a90
 [<ffffffff80248e90>] sigprocmask+0x0/0xf0
 [system_call+0x7e/0x83] system_ca...


Changed in linux:
assignee: ubuntu-kernel-team → colin-king
status: Triaged → In Progress
Colin Ian King (colin-king) wrote :

This kernel Oops occurs because btsco.c is built with the incorrect ALSA config settings due to the fact it is not built in the main ALSA tree. The missing config settings cause struct snd_pcm_str (defined in pcm.h) to be defined differently from the main ALSA core, causing a struct mismatch and eventually the kernel Oops when referencing pcm->stream[1].substream.

Changed in linux:
status: In Progress → Fix Committed
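
Added example (not part of the bug report or the Ubuntu fix): a user-space model of the struct mismatch described in the comment above, where the core and an out-of-tree module compile the same header with different config flags. The structs, the `optional` member and `register_checked()` are simplified, hypothetical stand-ins, not the kernel's real definitions; the size check illustrates one way a core can refuse a module built against a different layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct substream { int number; };

/* Layout the core was compiled with: hypothetical config flag set. */
struct str_core {
    int stream;
    unsigned int substream_count;
    struct substream *substream;
    uintptr_t optional[3];      /* exists only when the flag is defined */
};

/* Layout the out-of-tree module was compiled with: flag missing. */
struct str_module {
    int stream;
    unsigned int substream_count;
    struct substream *substream;
};

struct pcm_core { struct str_core streams[2]; };

/* Where the module believes pcm->streams[1].substream lives. */
static size_t module_offset_stream1(void)
{
    return sizeof(struct str_module) + offsetof(struct str_module, substream);
}

/* Constructed scenario: the core fills the object, the module reads it back. */
static uintptr_t demo_module_read(void)
{
    static struct substream capture = { 7 };
    struct pcm_core pcm;
    uintptr_t seen;

    memset(&pcm, 0, sizeof pcm);
    for (int i = 0; i < 3; i++)
        pcm.streams[0].optional[i] = 2;     /* unrelated core bookkeeping */
    pcm.streams[1].substream = &capture;    /* the pointer the module wants */

    memcpy(&seen, (unsigned char *)&pcm + module_offset_stream1(), sizeof seen);
    return seen;                            /* a stray 2, not &capture */
}

/* Defensive handshake: reject a module built against another layout. */
static int register_checked(size_t module_sizeof_str)
{
    return module_sizeof_str == sizeof(struct str_core) ? 0 : -1;
}
```

The module's stride for `streams[]` is shorter than the core's, so its idea of `streams[1].substream` lands inside `streams[0]` of the core's object and yields a small integer that would fault if dereferenced as a pointer.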
Leann Ogasawara (leannogasawara) wrote :

Just posting git commit info for this bug and marking this Fix Released for linux-ubuntu-modules-2.6.24

ogasawara@yoji:~/ubuntu-hardy-lum$ git log -p 2cb20fc8cfa793c811e3ffee39a6be5f3bf682bd
commit 2cb20fc8cfa793c811e3ffee39a6be5f3bf682bd
Author: Colin Ian King <email address hidden>
Date: Fri Mar 28 08:53:33 2008 +0000

    UBUNTU: snd_bt_sco kernel Oops at startup
    OriginalAuthor: Colin Ian King
    Bug: #202249

    btsco.c requires the correct ALSA build flags to make sure
    struct snd_pcm_str in pcm.h is defined the same way as the ALSA
    core to avoid the kernel Oops. We need to add in the appropriate
    flags as currently btsco.o is not part of the ALSA tree.

    Signed-off-by: Colin Ian King <email address hidden>

affects: linux (Ubuntu) → linux-ubuntu-modules-2.6.24 (Ubuntu)
Changed in linux-ubuntu-modules-2.6.24 (Ubuntu):
status: Fix Committed → Fix Released